How to issue a certificate for a device from the device management server

I am developing the management server for an auth device. I am not sure how to issue a certificate for the auth device. I have two schemes.
The first scheme is to use an open source PKI like EJBCA to issue the certificate for the device. The Device Management Server uses a RESTful HTTP API to invoke the PKI system, like EJBCA, to issue the certificate. EJBCA can also integrate with the HSM. Is this scheme feasible?

The second scheme does not use an open source PKI system. The management server also includes a self-developed PKI system, and the management server also needs to integrate with the HSM. I refer to the Key Manager module for development, because I see that the MOSIP Key Manager module provides secure storage, provisioning and management of secret data. It provides all the cryptographic operations like encryption/decryption and digital signature/verification, making one trust store for all partner trust path validation.

Who can give me some suggestions?

Hi @dragon_king

Surely we can provide you with suggestions. I will ask one of my team members to look into this and provide you with the solution.

Best Regards,
Team MOSIP